Bug#733564: pu: apache2 with ECDHE support
I would like to see apache in stable support ECDHE. This was
added somewhere in a 2.3 version and so is only part of a stable
release in 2.4.
The reason I want to see ECDHE is that we want (Perfect)
Forward Secrecy (PFS). Apache supports this with DHE, but
DHE has some problems:
- It's much slower than an RSA key exchange. ECDHE on the
other hand is much faster than DHE.
- apache 2.2 only supports 1024 bit DH keys. It might be
configurable in later versions. We really want to see 2048 bit
DH keys. The number of 1024 bit certificates itself has already
been reduced to about 1.5%, so the DH key then becomes the
weakest point in the chain. However many of the clients can't handle
keys that are larger than 1024. With ECDHE a 256 bit key would
be enough and all clients I know about that support ECDHE
support at least 256 bits.
ECDHE also has a known broken implementation. OS X 10.8..10.8.3
has broken support for ECDHE-ECDSA ciphers. Stats from Mozilla
show that about 8.4% of the ciphers the browser negotiates since
they put ECDHE on top of their preferred list are using ECDHE-ECDSA.
They see about 23.5% with ECDHE support. This at least gives
the impression that about 35% of the sites would want to use
ECDHE-ECDSA, but it might also be a few sites that have lots
of traffic. (The rest would use ECDHE_RSA.) I have no better
stats for this, but it's clearly something we need to take into
OpenSSL has added support to try and detect this broken version
and avoid selecting the ECDHE-ECDSA in that case, but that
detection is currently not in wheezy, but it did just make it
Adding ECDHE support in apache will probably require backporting
the patches for that. I'm not sure how much work that is going
to be and whether someone like Red Hat might have already done that.
Before I put more time in this, I would like to know if you will
consider such a change in a stable release update.
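
An added example, not part of the original report and not Apache or Debian code: it expands an OpenSSL cipher string with Python's `ssl` module and labels each TLS 1.2-and-earlier suite by key exchange, following the DHE/ECDHE/RSA distinctions drawn in the report. The sample cipher string is constructed for illustration, and the `kea`/`auth` fields assume Python 3.6+ linked against OpenSSL 1.1.0 or later.

```python
import ssl
from collections import namedtuple

Suite = namedtuple("Suite", "name key_exchange forward_secret note")

# Notes restate points made in the bug report above.
NOTES = {
    "kx-ecdhe": "forward secrecy via ECDHE",
    "kx-dhe": "forward secrecy via DHE; strength depends on the server's DH key size",
    "kx-rsa": "RSA key exchange, no forward secrecy",
}

# Constructed sample, in the format accepted by an SSLCipherSuite-style setting.
SAMPLE = ("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
          "DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256")


def classify(cipher_string):
    """Expand an OpenSSL cipher string and label each TLS <= 1.2 suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    suites = []
    for c in ctx.get_ciphers():
        kx = c.get("kea", "unknown")
        if kx == "kx-any":
            continue  # TLS 1.3 suites are not selected by this cipher string
        note = NOTES.get(kx, "key exchange not classified here")
        if kx == "kx-ecdhe" and c.get("auth") == "auth-ecdsa":
            # The report says OS X 10.8..10.8.3 has broken ECDHE-ECDSA support.
            note += "; ECDHE-ECDSA, see the OS X 10.8..10.8.3 issue in the report"
        suites.append(Suite(c["name"], kx, kx in ("kx-ecdhe", "kx-dhe"), note))
    return suites


def without_forward_secrecy(cipher_string):
    """Names of suites a client could negotiate without forward secrecy."""
    return [s.name for s in classify(cipher_string) if not s.forward_secret]


if __name__ == "__main__":
    for s in classify(SAMPLE):
        print(f"{s.name:32} {s.key_exchange:9} {s.note}")
    print("no forward secrecy:", without_forward_secrecy(SAMPLE))
```
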